|  | |||||||||
A Network Controller Interface for a Time-Triggered Protocol
A. Kr?uger, H. Kopetz
Institut f?ur Technische Informatik, Technische Universit?at Wien,
Treitlstr. 3/182/1, A-1040 Vienna, Austria
ABSTRACT
A time-triggered communication protocol that derives its control information (e.g., when to send a message) from the progression of time offers unique features that meet the stringent demands of automotive class C control applications. The interface to a dedicated network controller executing such a protocol can be viewed as a system wide interface and is thus a perfect starting point for the system's decomposition into autonomous, non-interfering subsystems. This paper presents such a network controller interface that allows applications to transparently access the services of the underlying communication protocol. The interface is designed as a data-sharing interface, i.e., the flow of control information across the interface is restricted to the necessary minimum. With this, the chance of control error propagation is reduced considerably. The interface acts as a temporal firewall facilitating independent subsystem development and validation.
INTRODUCTION
The increasing cost efficiency of micro-electronic devices, and the demand for enhanced vehicle functionality have stirred the recent trend in the automotive industry to implement more and more of the vehicle functions under the control of a distributed computer system. Within the automotive environment, two major application domains can be distinguished. Body electronics comprise all functions that are not directly concerned with the movement of the car (e.g., lighting, dashboard displays, or power window control), whereas system electronics subsume functions directly controlling the vehicle's movement (e.g., engine control, vehicle dynamics control).
While at the time being body electronics (SAE classes A and B) systems have already matured to an extent that allows to use this technology in production-line cars [15], system electronics (SAE class C) technology is still
in the research stage. The reason for this is the novelty of the emerging demands: A highly dependable system that satisfies real-time requirements has to be built under the cost constraints of the automotive industry. These requirements were established by the SAE along with a typical class C benchmark problem [3]. In a companion document [4], the SAE came to the conclusion that none of the surveyed protocols (J1850 [1], CAN [2], VAN, : : : ) satisfies the requirements of distributed safety critical applications onboard vehicles.
It is the objective of this paper to present a network controller interface | the Message Base Interface (MBI) | for automotive class C control systems that explicitly considers these demands. The MBI is based on the real-time communication protocol TTP [9]. We consider the network controller interface | being a system-wide interface | to be a determining factor for the architecture of the overall system. A proper design of this interface hides the complexity and details of faulttolerant real-time communication from the application. This transparency of the communication subsystem provides to the application programmer exactly what he is interested in: The guaranteed properties of the communication subsystem.
The paper is structured as follows. The next section surveys the demands of the automotive environment with respect to the design of distributed computer control systems. Section three outlines our system model and the design approach taken. In Section four, the Message Base Interface is described in detail and Section five considers implementation aspects. The paper is concluded in Section six.
MOTIVATION AND BACKGROUND
As a new application domain for real-time control system technology, the automotive environment imposes rather distinctive requirements on system design. In the following, we will show the role the network controller interface plays in the design of the system. The